1. Field of Invention
This invention relates to systems and methods for authenticating a communication between at least two devices that is transmitted using a network medium.
2. Background of the Related Art
Developments in network communications have enabled users to receive information, such as documents, over the network medium. The network medium includes wired networks and wireless networks. Information transmitted over the network medium may be accessible to others. However, users typically want the information they receive to remain unavailable to others.
FIG. 1 illustrates an example where a user 110 is in a public place that is accessible to others. The user 110 wants to print a sensitive document that the user 110 just received on the user's wireless device 112. As shown in FIG. 1, the user 110 may have access to a number of printers 122, 124, 126 or 128 with wireless capabilities by various companies, some of which may be familiar to the user 110 and some of which may not be familiar. The user 110 wants to choose a particular printer such as, for example, a first printer 122, and further wants to ensure that the user's wireless device 112 prints to that first printer 122 and to no other printers 124, 126, 128 or any other device. Additionally, the user 110 wants to ensure that no other person 130 within the wireless transmission range of the wireless device 112 can learn the contents of the sensitive document.
To do this, the user 110 needs to let the wireless device 112 know how to find the first printer 122 over a wireless medium, such as a wireless network. Conventionally, there are a few options the user 110 may use to find the first printer 122. Assuming each printer has a unique name, the user 110 may type the name of the first printer 122 into the user's wireless device 112. Alternatively, the user 110 may have access to a discovery protocol, where the user 110 may pick the first printer 122 out of a list of printers. But the wireless device 112 should guarantee that it is actually talking to the first printer 122 and that the communication is secure.
One method of bootstrapping trust in the specific context of ad-hoc wireless networks is available in various known wireless protocols. One system, commercially available under the Bluetooth trade name, in its most secure configuration, requires users to enter a random personal identification number (PIN) into each wireless device that is to participate in communication, placing the burden of establishing shared secrets on the user. In addition, Bluetooth has been subject to security breaches. Wired Equivalent Privacy (WEP), the link-layer security protocol for ANSI/IEEE 802.11, also has usability issues. It requires a group of communicating wireless devices to be initialized with the same key, usually derived from a password. WEP too has been subject to security breaches.
Another method may be to use an out-of-band mechanism for establishing security. Frank Stajano et al., “Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks,” 7th International Workshop, Lecture Notes in Computer Science, Cambridge, United Kingdom, April 1999, Springer-Verlag, Berlin, Germany, describes a security model usable to regulate secure transient association between devices in ad-hoc wireless networks. In the model, a “mother-duckling” relationship between two devices is set up when the “mother” device establishes a shared secret with the “duckling” device through a physical contact. The shared secret enables the “duckling” device to recognize the “mother” device and be controlled by the “mother” device in future interactions. The “mother” device may upload an access-control policy into the “duckling” device, which determines the type of relationships that the “duckling” device may have with various other devices. More importantly, the shared secret allows the “mother” and “duckling” devices to securely communicate.
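The imprinting model described above, as an added Python sketch that is not from this document or from the cited paper. The HMAC-SHA256 challenge-response, the `Duckling` class, the `physical_contact` flag and the device name `printer-122` are assumptions chosen for illustration; the text above states only that physical contact establishes a shared secret that lets the "duckling" recognize and obey the "mother".

```python
import hashlib, hmac, secrets

def mac(secret: bytes, nonce: bytes, name: str, arg: str) -> bytes:
    # Length-prefix each field so field boundaries cannot be shifted.
    parts = [nonce, name.encode(), arg.encode()]
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(secret, msg, hashlib.sha256).digest()

class Duckling:
    """Device controlled by whichever 'mother' imprinted it by physical contact."""
    def __init__(self):
        self._secret = None   # None means not yet imprinted
        self._nonce = None
        self.policy = {}      # access-control policy uploaded by the mother

    def imprint(self, secret: bytes, physical_contact: bool) -> bool:
        # Accept a secret only over the contact channel, and only once.
        if not physical_contact or self._secret is not None:
            return False
        self._secret = secret
        return True

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)   # fresh nonce per command
        return self._nonce

    def command(self, name: str, arg: str, tag: bytes) -> bool:
        if self._secret is None or self._nonce is None:
            return False
        nonce, self._nonce = self._nonce, None  # single use: blocks replay
        if not hmac.compare_digest(mac(self._secret, nonce, name, arg), tag):
            return False
        if name == "set_policy":
            peer, _, relation = arg.partition("=")
            self.policy[peer] = relation
        return True

def demo() -> dict:
    duck, key, r = Duckling(), secrets.token_bytes(32), {}
    r["radio_imprint"] = duck.imprint(secrets.token_bytes(32), physical_contact=False)
    r["contact_imprint"] = duck.imprint(key, physical_contact=True)
    r["second_imprint"] = duck.imprint(secrets.token_bytes(32), physical_contact=True)
    arg = "printer-122=print"                   # constructed sample policy entry
    tag = mac(key, duck.challenge(), "set_policy", arg)
    r["mother_cmd"] = duck.command("set_policy", arg, tag)
    r["replay"] = duck.command("set_policy", arg, tag)
    bad = mac(b"x" * 32, duck.challenge(), "set_policy", "laptop=admin")
    r["stranger_cmd"] = duck.command("set_policy", "laptop=admin", bad)
    r["policy"] = dict(duck.policy)
    return r
```
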
FIG. 2 illustrates one exemplary embodiment where several users 221, 223, 225, and 227 with wireless devices 201, 203, 205 and 207, such as laptop computers with wireless capabilities, are located within a locality, such as a conference room at a conference center. The users 221, 223, 225 and 227 desire to exchange various sensitive documents among themselves using the wireless devices 201, 203, 205 and 207. However, among the many problems associated with this approach is that the radio frequencies on which the wireless devices operate penetrate the conference room walls. As a result, the sensitive documents are subject to capture by potential eavesdroppers 222, 224 and 226 lurking in the corridors or the next conference room.